package com.jisf.driver.controller;

import com.jisf.driver.entity.po.User;
import com.jisf.driver.response.Result;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PostFilter;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.List;

/**
 * @Classname TestController
 * @Description TODO
 * @Date 2022/2/20 13:57
 * @Created by jisf：【429627912@qq.com】
 */

@RestController
@RequestMapping("driver")
public class TestController {

    @GetMapping("hello")
    public String hello(){
        return "hello secyrity!";
    }

    @PostMapping("/about/examine")
    public Result<?> a(){
        return Result.ok("考试预约成功");
    }

    @GetMapping("hello1")
    @PreAuthorize("hasAnyAuthority('test')")
    public String hello1(){
        return "hello1 no security!";
    }

    @GetMapping("hello2")
    @PreAuthorize("@myExpressionRoot.hasAuthority('test')")
    public String hello2(){
        return "hello2 !";
    }

    @GetMapping("index")
    public String index(){
        return "hello index!";
    }

    @GetMapping("index2")
    public String index2(){
        return "hello index2!";
    }

    @GetMapping("update")
    @Secured({"ROLE_sale","ROLE_manager"})  //判断是否具有角色
    public String update(){
        return "Hello update";
    }

    @GetMapping("update2")
    @PreAuthorize("hasAnyAuthority('admins')")  //进入方法前的权限验证
    public String update2(){
        return "Hello update2";
    }

    @GetMapping("update3")
    @PostAuthorize("hasAnyAuthority('admins')")  //方法执行后的权限验证
    public String update3(){
        return "Hello update3";
    }

    @GetMapping("update4")
    @PostAuthorize("hasAnyAuthority('admins')") //方法返回的数据进行过滤
//    @PreFilter("")  //传入方法数据进行过滤
    @PostFilter("filterObject.username == '1'")
    public List<User> update4(){

        return null;
    }

    @PostMapping("csrf")
    public String csrf(){
        return "Hello csrf";
    }
}
